 You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
I have been getting loads of these emails recently and have ignored them all as they have said the usual 'we have compromised your email account and we know your password is xxxxx' however that password has always been incorrect.
However today I received an email that had a password showing that is a password I have previously used (although not for that particular account which is also two-factor authenticated). So I am not concerned about the security of that account but it *does* suggest they have compromised another service, found my password and associated it with my email account. It is scary and its not surprising people get caught out by these emails.
I got one today, as you say with an invalid password.
Was it a complex password?
I've always assumed there's various lists going round with my email and/or password on and people may try and tie them up from multiple lists. Even if they emailed me the correct details I'd not be too worried, tbh.
I got one yesterday. The password was wrong for that email address but it was a password I use on other sites.
Another thing worth noting is that now scammers can spoof mobile numbers as well. This means you can have fake texts purporting to be from your bank (or wherever) in the same thread as genuine text messages....that really raises the game and you need to be super alert. I think these days you have to think twice before responding to any communication from a bank etc and always use the number on the back of your card rather than any number or email address given to you via electronic communication.
Remember that tanktop you bought me..
It's highly likely an account you've had in your online past has been compromised. Service providers / websites are generally a lot better these days at keeping passwords secure but for many years they were bloody useless which is why it's a good idea** to change passwords over time and to use unique passwords for services that really matter.
** sure it's not easy but password managers or a 'method' for deriving a unique password from a base one are a lot probably a lot easier than dealing with the fallout from a stolen identity.
Remember that tanktop you bought me..
The one I wrote you're gorgeous on?
Basically they've hacked a site (or got a list of passwords from someone else who has) that you've used that email address on and they are hoping that you are using the same password on multiple sites. I use a different one for every site so it also identifies which site they have hacked to see if I already know about the hack.
Drac
Your password was Babybird
..change it now.
😉
Cheers jimdubleyou - that shows quite clearly where I have been breached and they are all sites on which I have now changed passwords anyway 🙂
but it *does* suggest they have compromised another service
'they' haven't. Someone has - lists of email addresses and corresponding passwords get posted up online - for a fee (or even for free) they are available to anyone
The persons sending your these emails haven't accessed anything they are just copy and pasting from a list.
I think these particular scam emails are quite interesting - they cross a line from Fraud into Blackmail (of course they have no material to blackmail you with - but I don't know legally whether that matters). Blackmail is a much, much more serious crime and I think the authorities are perhaps being a bit slow in addressing this particular spam / scam campaign. They should be jumping all over it
Although they're no doubt hiding their tracks in terms of the traceable trail the emails take - by including information like matched addresses and passwords in the emails they are revealing something about where they are getting that information - the content in your email and in the ones I get and in the ones everyone else get - viewed together would indicate where this data is being drawn from and perhaps in turn indicate who is drawing upon it
If - for instance - everyone had a place they could forward these emails to- Â for analysis at one central source - it may not be too difficult to get to the root of all this.
A little more public information about these blackmail attempts couldn't hurt either. The threat they make is potentially quite damaging if anyone takes it at face value - the Ashley Madison hack a few years ago resulted in at least two suicides- and that hack revealed much less than these emails threaten too and the circulation of these scam attempts are far more widespread too.
Blackmail is a much, much more serious crime and I think the authorities are perhaps being a bit slow in addressing this particular spam / scam campaign. They should be jumping all over it
You're kind of assuming the perpetrators are in a place that falls under UK (or US/EU) jurisdiction, it's highly likely they won't. It's also likely some of the activity has already been traced to source (or near source), but doing anything about it from there is a different matter.
The other giveaway with these speculative fraud messages is that they say "pay up quick or we will infect your PC/seize your account". No criminal with genuine account info is going to warn you first and then attack you!
I've seen a few of these now, for me, my mum and my missus.
In each case it has been a "low security" password (i.e. the kind of password I use on the kind of site that insists I have an account, but I really don't care about and has no financial or personal stuff on it).
My mum's was the funniest as it said they had hacked her web cam and caught her making porn! 😄
Do you believe your Mum..... just saying